Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Done
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: Security
Labels:
- 26qa
Environment:
Running on Windows 2008 Server R2,
Mongodb version (git hash): 1ea7e56cb2b8653d4b0453f04728033df34be9e1 (from 10/15)

Operating System:
Windows
Steps To Reproduce:
Hide

1. Launch a mongod with a sslPEMKeyFile that requires a password. Provide the password through sslPEMKeyPassword.

mongod --sslMode sslOnly --sslPEMKeyFile libs/client_password.pem --sslCAFile libs/ca_377.pem --sslPEMKeyPassword "asdf" --dbpath data/db

2. Open the Task Manager. Show the command line by going to View --> Select Columns... and making sure "Command Line" is checked.
3. You can see the password exposed, as in the screenshot.
Show
1. Launch a mongod with a sslPEMKeyFile that requires a password. Provide the password through sslPEMKeyPassword. mongod --sslMode sslOnly --sslPEMKeyFile libs/client_password.pem --sslCAFile libs/ca_377.pem --sslPEMKeyPassword "asdf" --dbpath data/db 2. Open the Task Manager. Show the command line by going to View --> Select Columns... and making sure "Command Line" is checked. 3. You can see the password exposed, as in the screenshot.

The argument to sslPEMKeyPassword can be revealed through the task manager on Windows. See the screenshot.